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DETAILED ACTION 

Claims 1-31 are pending for examination. 
Claims 1-31 are rejected. 

Claim Rejections - 35 USC § 101 

1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 14-19 and 28-31 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. The claims are directed to a 
computer program product, which as defined on page 50, lines 9-13 of the specification 
as including carrier waves, which are held on connection lines for only a short time. 
Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -(b) the invention was patented or described in a printed 
publication in this or a foreign country or in public use or on sale in this country, more than one year prior to 
the date of application for patent in the United States. 

Claims 6, 7, 12, 13, 18, and 19 are rejected under 35 U.S.C. 102(b) as being 
anticipated by US 6 496 935, Fink et al. 

2. As per claim 6, Fink teaches a packet forwarder which forwards a packet from its 
network interface to its other network interface according to its routing table (Column 5, 
lines 51-54, where the system routes according to filtering rules), comprising a received 
packet transfer unit that transmits a routing information packet received at the network 
interface to a packet control device that maintains the routing table of the packet 
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forwarder using a routing process (column 9, lines 1-16, where the pre-filtering module 
receives packets from an external source, such as a MAC interface, and forwards the 
packet to the firewall through the firewall interface). 

3. As per claim 7, Fink teaches the packet forwarder according to claim 6, further 
comprising a routing table setting unit that receives a routing table from the packet 
control device, and that sets the routing table to the packet forwarder (Column 7, line 62 
through column 8, line 3, where the pre-filtering module contains a connection database 
which stores in its memory instructions from the firewall). 

4. As per claim 12, Fink teaches a method of maintaining a routing table of a packet 
forwarder (Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall), the method comprising: 

receiving a routing information packet from a network interface of a packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall, 
also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to a packet control device (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave the 
network, also column 9, lines 1-16, where the pre-filtering module receives 
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packets from an external source and forwards the packet to the firewall through 
the firewall interface). 

5. As per claim 13, Fink teaches the method according to claim 12, further 
comprising: 

receiving a routing table from a packet control device (Column 6, line 65 through 
column 7, line 3, where the firewall passes the packet to the analysis module for 
determination of whether the packet is allowed); and 

setting the routing table to the packet forwarder (Column 7, lines 17-21 , where 
the relevant instructions for the packet are passed from the firewall to the pre- 
filtering module). 

6. As per claim 18, Fink teaches a computer program product for maintaining a 
routing table of a packet forwarder, including computer executable instructions stored 
on a computer readable medium, wherein the instructions, when executed by the 
computer (Column 3, line 63 through column 4, line 6, where the method can be 
implemented as software), cause the computer to perform: 

receiving a routing information packet from a network interface of the packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall, 
also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to the packet control device (Column 
6, line 65 to column 7, line 16, where the firewall receives the packet and 
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determines whether the packet should be permitted to enter and/or leave the 
network, also column 9, lines 1-16, where the pre-filtering module receives 
packets from an external source and forwards the packet to the firewall through 
the firewall interface). 

7. As per claim 19, Fink teaches the computer program product according to claim 
18, wherein the instructions further cause the computer to perform: 

receiving a routing table from a packet control device (Column 6, line 65 through 
column 7, line 3, where the firewall passes the packet to the analysis module for 
determination of whether the packet is allowed); and 

setting the routing table to the packet forwarder (Column 7, lines 17-21 , where 
the relevant instructions for the packet are passed from the firewall to the pre- 
filtering module). 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 10, 11, 16, 17, 20, 24, and 28 are rejected under 35 U.S.C. 102(e) as 
being anticipated by US 2003/0204618, Foster et al. 

9. As per claim 1 0, Foster teaches a method of maintaining a routing table in a 
system that includes a packet forwarder and a packet control device, the packet 
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forwarder including a plurality of network interfaces (Figure 2A, where each packet 
forwarder has multiple connection interfaces), the packet control device including a 
plurality of network interface and a plurality of virtual interfaces each having address 
information that is associated with one of the network interfaces of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects the IP 
ports related to the virtual interfaces of the VPN), the method comprising: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); and 
maintaining a routing table of each of the group using a routing process 
associated with each of the groups (Figures 2B and 2C, where the virtual and 
real addresses are kept separately and routed accordingly). 

1 0. As per claim 1 1 , Foster teaches the method according to claim 1 0, wherein the 
virtual interfaces are grouped for each packet forwarder, further comprising maintaining 
a routing table of each packet forwarder using a routing process associated with each of 
the virtual interfaces grouped (Page 5, paragraph [0029], where each IFM maintains a 
virtual identifier table for each of its ports). 

11. As per claim 1 6, Foster teaches a computer program product for maintaining a 
routing table (page 2, paragraph [0013], where the system is a software facility), the 
packet forwarder including a plurality of network interfaces (Figure 2A, where each 
packet forwarder has multiple connection interfaces), the packet control device including 
a plurality of network interfaces and a plurality of virtual interfaces each having address 
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information that is associated with one of the network interfaces of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects the IP 
ports related to the virtual interfaces of the VPN), the computer program product 
including computer executable instructions stored on a computer readable medium, 
wherein the instructions, when executed by the computer, cause the computer to 
perform: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); and 
maintaining a routing table of each of the groups using a routing process 
associated with each of the groups (Figures 2B and 2C, where the virtual and 
real addresses are kept separately and routed accordingly). 

12. As per claim 1 7, Foster teaches the computer program product according to 
claim 16, wherein the virtual interfaces are grouped for each packet forwarder, and the 
instructions further cause the computer to perform maintaining a routing table of each 
packet forwarder using a routing process associated with each of the virtual interfaces 
grouped (Page 5, paragraph [0029], where each IFM maintains a virtual identifier table 
for each of its ports). 

1 3. As per claim 20, Foster teaches a router control device (abstract, where the 
system processes received data for routing through a network) comprising: 

a virtual interface setting unit that creates and manages virtual interfaces on a 
router control device according to corresponding network interfaces of a 
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forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual identifier 
table for each of its ports); 

a routing unit that generates a routing table for the forwarder based on routing 
information in routing information packets received at the network interface of the 
forwarder and transferred by the forwarder to the router control device (Figures 
2B and 2C and accompanying description beginning page 5, paragraph [0032], 
where the device forms routing information tables according to the source and 
destination identifiers); and 

a routing information storage unit that stores a routing table created and 
managed by the routing unit for packet forwarding between the virtual interfaces 
(Page 5, paragraph [0029], where each IFM contains a virtual identifier table for 
each of its ports). 

14. As per claim 24, Foster teaches a method of maintaining a routing table 

(abstract), comprising: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder (Page 5, paragraph [0029], 
where the IFM maintains a virtual identifier table for each of its ports); 
generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
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forms routing information tables according to the source and destination 
identifiers); and 

storing a routing table created and managed by the routing unit for packet 
forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 
IFM contains a virtual identifier table for each of its ports). 
1 5. As per claim 28, Foster teaches a computer program product for maintaining a 
routing table (abstract), including computer executable instructions stored on a 
computer readable medium, wherein the instructions, when executed by the computer, 
cause the computer to perform: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder (Page 5, paragraph [0029], 
where the IFM maintains a virtual identifier table for each of its ports); 
generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
forms routing information tables according to the source and destination 
identifiers); and 

storing a routing table created and managed by the routing unit for packet 
forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 
IFM contains a virtual identifier table for each of its ports). 
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Claim Rejections - 35 USC § 103 

16. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

17. Claims 1-5, 8, 9, 14, and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 6496935, Fink et al and US 2003/0204618, Foster et al. 

18. As per claim 1 , Fink teaches a packet control system (abstract) comprising: 

a packet forwarder that transfers a packet received from a network interface to 

another network interface (Figure 1 , pre-filtering module); and 

a packet control device that routes the packet using a routing process (Figure 1 , 

firewall 18, where the routing information is filter information), wherein 

the packet forwarder includes 

a received packet transfer unit that transmits to the packet control device a 
routing information packet received from the network interface (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave 
the network), and 
the packet control device includes 

a transmitted packet reception unit that receives the routing information 
packet (Column 6, line 67, where the firewall inspects the packets, which 
thereby have been transferred from the pre-filtering module to the firewall), 
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that associates the routing information packet with the interface (Column 
7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that delivers the 
routing information packet to the routing process (Column 7, lines 1-4, 
where the analysis module performs the determination); and 
a transmitted packet transfer unit that receives the routing information 
packet sent by the routing process, and that transmits the routing 
information packet to the packet forwarder (Column 7, lines 17-21 , where 
the firewall passes the relevant instructions concerning the packet to the 
pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
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Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

19. As per claim 2, Fink teaches a packet control device which constructs a routing 
table for a packer forwarder controlled by the packet control device, using a routing 
process running on the packet control device, the packet control device comprising: 
a transmitted packet reception unit that receives the routing information packet 
transmitted from the packet forwarder (Column 6, line 67, where the firewall 
inspects the packets, which thereby have been transferred from the pre-filtering 
module to the firewall), that associates the routing information packet with the 
interface corresponding to an incoming network interface of the packet forwarder 
(Column 7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that transmits the routing 
information packet to the routing process (Column 7, lines 1-4, where the 
analysis module performs the determination); and 

a transmitted packet transfer unit that receives the routing information packet 
sent by the routing process, and that transmits the routing information packet to 
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the packet forwarder (Column 7, lines 17-21 , where the firewall passes the 
relevant instructions concerning the packet to the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 1 1 ). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

20. As per claim 3, the combination of Fink and Foster teaches the packet control 

device according to claim 2, further comprising: 

a routing table transfer unit that acquires a routing table updated by the routing 
process, and that transmits the routing table to the packet forwarder (Fink 
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teaches this limitation. Column 4, lines 51-55, where the firewall sends packet 
passage information to the pre-filtering module, which allows for forwarding and 
routing by the forwarder). 
21 . As per claim 4, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device which determines an 
outgoing network interface of the packet received at an incoming network interface of 
the packet forwarder (column 5, lines 47-59, where the rule base establishes forwarding 
rules for packets, permitting them to be forwarded through to the output interface or 
dropping them if they violate the rules of the rule base), the packet control device 
comprising: 

a plurality of network interfaces (column 7, lines 28-32, where the pre-filtering 
module features a plurality of network interfaces). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 

a plurality of virtual interfaces each having address information that is associated 
with one of the network interfaces of the packet forwarder (page 7, paragraph 
[0044], where the computing device uses virtual identifiers when transmitting and 
receiving data communications), the network interfaces of the packet control 
device and the virtual interfaces being divided into a plurality of groups (page 5, 
paragraph [0029], where the virtual identifier translation table reflects the IP ports 
related to the virtual interfaces of the VPN), wherein 
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the packet control device routes the packet using a routing process associated 
with each of the groups considering interfaces belongs to the groups to create a 
dedicated routing table for each, the each of the groups corresponds to a 
separate device (Figures 2B and 2C, where the virtual and real addresses are 
kept separately and routed accordingly). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 1 1 ). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

22. As per claim 5, the combination of Fink and Foster teaches the packet control 
device according to claim 4, wherein the virtual interfaces are grouped for each packet 
forwarder, and the packet control device maintains routing tables using a routing 
process associated with each of the virtual interfaces grouped (Foster teaches this 
limitation. Figures 2B and 2C, where each table uses different routing processes to 
make connections). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include separate routing tables for virtual and real addresses. Fink teaches that the 
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analysis module of the firewall determines actions to take with the packet, including that 
of rewriting address fields (column 7, line 11). One way of rewriting addresses involves 
using virtual addresses, which simplify routing, as they allow a path to be reconfigured 
in a manner transparent to a source (Foster, page 3, paragraph [0019]). This would be 
beneficial in Fink's system, as it would allow the firewall to work with another layer of 
security and simplicity, as well as the ability to work on various network types. 
23. As per claim 8, Fink teaches a method of maintaining a routing table using a 
routing process (abstract, where the pre-filtering module performs a limited set of 
actions with packets previously permitted by the firewall), the method comprising: 

receiving a routing information packet which is received by a packet forwarder 
(column 8, lines 12-15, where the pre-filtering module sends information to the 
firewall for processing); 

delivering the routing information packet to the routing process (column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet sent by the routing process (column 7, 
lines 17-21, where the firewall forwards the relevant instructions to the pre- 
filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder for 
transmitting from its network interface (column 7, lines 17-21, where the firewall 
forwards the relevant instructions for the packet to the pre-filtering module). 
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Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
associating the routing information packet with a virtual interface that has 
address information associated with a network interface of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

24. As per claim 9, the combination of Fink and Foster teaches the method according 

to claim 8, further comprising: 

acquiring a routing table updated by the routing process (Fink teaches this 
limitation. Column 6, line 65 through column 7, line 21, where the analysis 
module makes determinations, which are passed on by the firewall to the pre- 
filtering module); and 
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transmitting the routing table to the packet forwarder (Fink teaches this limitation. 
Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall). 

25. As per claim 14, Fink teaches a computer program product for routing a packet 
using a routing process, including computer executable instructions stored on a 
computer readable medium, wherein the instructions, when executed by the computer 
(Column 3, line 63 through column 4, line 6, where the method can be implemented as 
software), cause the computer to perform: 

receiving a routing information packet from a network interface of a packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall); 
transmitting the routing information packet to a packet control device (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave the 
network); 

receiving the routing information packet from the packet forwarder (Figure 3, step 
4b, where the packet is received by firewall from pre-filtering module); 
transmitting the routing information packet to the routing process (column 6, line 
65 through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 



Application/Control Number: 10/781,792 Page 19 

Art Unit: 4121 

receiving the routing information packet transmitted from the routing process 
(column 7, lines 17-21, where the firewall forwards the relevant instructions to the 
pre-filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder (column 7, 
lines 17-21 , where the firewall forwards the relevant instructions for the packet to 
the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
associating the routing information packet with a virtual interface that has 
address information associated with the network interface (page 5, paragraph 
[0029], where the virtual identifier translation table reflects the IP ports related to 
the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
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firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

26. As per claim 1 5, the combination of Fink and Foster teaches the computer 
program product according to claim 14, wherein the instructions further cause the 
computer to perform: 

acquiring a routing table updated by the routing process (Fink teaches this 
limitation. Column 7, line 62 through column 8, line 3, where the pre-filtering 
module contains a connection database which stores in its memory instructions 
from the firewall); and 

transmitting the routing table to the packet forwarder (Fink teaches this limitation. 
Column 4, lines 51-55, where the firewall sends packet passage information to 
the pre-filtering module, which allows for forwarding and routing by the 
forwarder). 

27. Claims 21 , 22, 25, 26, 29, and 30 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US 2003/0204618, Foster et al as applied to claims 20, 24, and 28 
above, and further in view of US 6 272 522, Lin et al. 

28. As per claim 21 , Foster teaches the router control device according to claim 20. 
Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system 
comprising: 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the virtual 
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interface (Column 10, lines 17-42, where the packet is sent from the network 
interface of the switching processor to the virtual interface of the control 
processor), wherein 

the routing information storage unit stores the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 43-54, 
where the raw load data is sent to the master module to determine the new load 
balancing), and 

the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 4-6, 
where the control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

29. As per claim 22, Foster teaches the router control device according to claim 20. 
Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system 
comprising: 
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a routing table transmission unit that acquires the routing table and that transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), wherein 
the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 55-60, 
where the switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

30. As per claim 25, Foster teaches the method according to claim 24. 

Foster does not teach a specific method of generating or updating the routing tables for 

his system. Lin teaches a method of routing within a packet switching system 

comprising: 

transferring the routing information packet via a communication path that 
connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor), wherein 
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the storing includes storing the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 
43-54, where the raw load data is sent to the master module to determine 
the new load balancing), and 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 4-6, where the 
control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

31 . As per claim 26, Foster teaches the method according to claim 24. 

Foster does not teach a specific method of generating or updating the routing tables for 

his system. Lin teaches a method of routing within a packet switching system 

comprising: 

acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); and 
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transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor), wherein 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 55-60, where the switching 
processor accesses the routing table stored in the shared memory). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

32. As per claim 29, Foster teaches the computer program product according to 
claim 28. 

Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system wherein: 
instructions further cause the computer to perform transferring the routing 
information packet via a communication path that connects between the network 
interface and the virtual interface (Column 10, lines 17-42, where the packet is 
sent from the network interface of the switching processor to the virtual interface 
of the control processor), wherein 
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the storing includes storing the routing information in the routing information 
packet transferred by the tunnel transfer unit (Column 6, lines 43-54, where the 
raw load data is sent to the master module to determine the new load balancing), 
and 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 4-6, where the control processor 
writes the new load balancing information into the shared memory for use by the 
switching processor). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

33. As per claim 30, Foster teaches the computer program product according to 
claim 28. 

Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system wherein: 
the instructions further cause the computer to perform: 

acquiring the routing table (Column 6, lines 4-6, where the distribution 
data is written into the shared memory for use by the switching processor); 
and 
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transmitting the routing table to the forwarder (Column 6, lines 4-6, where 
the distribution data is written into the shared memory for use by the 
switching processor), wherein 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 55-60, where the 
switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

34. Claims 23, 27, and 31 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US 2003/0204618, Foster et al and US 6 272 522, Lin et al. 

35. As per claim 23, Lin teaches a router control system which includes a forwarder 
and a router control device (Figure 1 , pre-filtering module and firewall), wherein 

the router control device includes 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the 
virtual interface (Column 10, lines 17-42, where the packet is sent from the 
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network interface of the switching processor to the virtual interface of the 
control processor); 

a routing unit that generates the routing table for the forwarder based on 
the routing information stored in the routing information storage unit 
(Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
and 

the routing table transmission unit that acquires the routing table, and transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), and 
the forwarder forwards a packet from its network interface to its other network 
interface according to its routing table (abstract, where the switching processors 
route received packets through to an external network), and includes a received 
packet transfer unit that transmits a routing information packet received at the 
network interface to the router control device that maintains the routing table of 
the forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 
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a virtual interface setting unit that that creates and manages virtual 
interfaces on a router control device according to corresponding network 
interfaces of a forwarder (Page 5, paragraph [0029], where the IFM 
maintains a virtual identifier table for each of its ports); 
a routing information storage unit that stores routing information in the 
routing information packet transferred by the tunnel transfer unit (Page 5, 
paragraph [0029], where each IFM contains a virtual identifier table for 
each of its ports). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
36. As per claim 27, Lin teaches a method of maintaining a routing table (Figure 1 , 
pre-filtering module and firewall), comprising: 

transferring the routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
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generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to other network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 
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creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder (Page 5, paragraph [0029], 
where the IFM maintains a virtual identifier table for each of its ports); 
storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
37. As per claim 31 , Lin teaches a computer program product for maintaining a 
routing table, including computer executable instructions stored on a computer readable 
medium, wherein the instructions, when executed by the computer, cause the computer 
to perform: 

transferring the routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
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generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to other network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 
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creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder (Page 5, paragraph [0029], 
where the IFM maintains a virtual identifier table for each of its ports); 
storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports); 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 

Conclusion 

38. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

39. US 7 185 365, Tang et al teaches a security enabled network access control with 
a packet forwarder and remote rule base. 

40. US 7 222 188, Ames et al teaches a method and apparatus for forwarding traffic 
using a learning switch with virtual interfaces. 

41 . US 7 007 101 , Schwaderer teaches a routing and forwarding table management 
system and method. 
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42. US 6 810 427, Cain et al teaches a router table manager. 

43. US 6 594 704, Birenbeck et al teaches a method of managing and using multiple 
VPNs in a single routing table. 

44. US 2002/0035639, Xu teaches a system and method of a packet director. 

45. US 6 032 190, Bremer et al teaches a system and method for processing data 
packets. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571 )270-1 1 91 . The examiner can normally be reached on Monday through Thursday, 
8am-5pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Taghi Arani can be reached on (571 ) 272-3787. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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